HOW I FOUND STORED XSS IN (EXAMPLE.COM)





It was my holiday and I was working on my college project when suddenly my friend called (by phone) and asked me to test a website which belongs to his relative, where the site is fresh and not tested by anyone.


And I was like: [GIF: eager]

After visiting the site I mapped all the pages and collected useful information (technologies used) via the Wappalyzer plugin, and found that some of the technologies they have used are not up to date.


So I landed upon a page which helps users to design their own applications with a project application name.




So the main thing that I observed here is that the project application name, which is passed by the user, is reflected back.








And soon, without thinking any more, let's drop XSS payloads. I tried <script>alert('xss')</script>

But nothing popped up :( After analyzing, I found that the script payload is being sanitized. Later, after some time, I saw that an iframe is created after building an application, so in no time I tried a last payload:
                                   
                            <iframe src=javascript:alert(document.domain)>




And luckily it popped up with an alert box saying the domain name.
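
The behaviour described above (the <script> payload removed, the <iframe> payload surviving) is what a filter that blocks specific tags produces. As an added example, not code from the tested site or from the original post, the JavaScript below assumes such a script-only blocklist and compares it with output encoding and a hypothetical project-name policy; all function names are illustrative.

```javascript
// Added illustration. The real site's filter is not shown in the post;
// ASSUMPTION: it strips <script> elements and nothing else.
function stripScriptTags(input) {
  return String(input).replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Hardened form 1: encode on output, so the name can only ever render as text.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form 2: validate on input. Hypothetical policy for a project name:
// letters, digits, space, underscore, dot, hyphen; 1 to 64 characters.
const NAME_POLICY = /^[A-Za-z0-9 _.-]{1,64}$/;
function isValidProjectName(name) {
  return typeof name === "string" && NAME_POLICY.test(name);
}

// True if the string would still open an HTML tag when placed in a page.
function containsMarkup(html) {
  return /<\s*[a-z!\/]/i.test(html);
}

// Constructed sample inputs: the two payloads quoted in the post plus a benign name.
const SAMPLES = [
  "<script>alert('xss')</script>",
  "<iframe src=javascript:alert(document.domain)>",
  "My First App",
];

// Compare what each defence leaves behind for every sample name.
function audit(names) {
  return names.map((name) => ({
    name,
    blocklistLeavesMarkup: containsMarkup(stripScriptTags(name)),
    escapedLeavesMarkup: containsMarkup(escapeHtml(name)),
    passesPolicy: isValidProjectName(name),
  }));
}

console.table(audit(SAMPLES));
```

Only the blocklist column reports markup left over for the iframe input; encoding at the point of output neutralises both payloads, and the name policy rejects them before they are stored.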











After some recon I found some more bugs and I reported 5 of them to him. Thanks for reading 😁






                                                       - END -
